The spread of malware, viruses and other cyber
attacks on social networking sites like Facebook and MySpace presents one of
the main emerging cybersecurity threats, according to a report issued by Tech’s
Information Security Center.

The report, entitled “Emerging Cyber Threats Report
for 2009,” outlines various forms of computer security threats that have been
increasing in occurrence and are expected to become more prevalent in the near
future. These new threats include new ways in which users’ computers can become
infected with malware, viruses and bot- nets, as well as new ways of conducting
phishing scams.

“Based on research that we do here at Georgia Tech
and friends that we have in the industry who are top leaders in this field, we
identified these major threats,” said Mustaque Ahamad, director of the
Information Security Center. “Our report is more forward-looking...like what we
can do to save face as we deal with the kinds of threats that we are talking
about.”

“Malware, basically, is software that will do bad
things if it somehow manages to get installed on your machine...it finds a
stealthy way to get there,” Ahamad said. “A lot of this is driven by the intent
to steal sensitive data that you may have.”

Another type of threat addressed in the new report
is that of botnets, which are a type of security breach to a user’s computer in
which an attacker can remotely take control of the computer. “With a botnet,
[the user’s computer] becomes part of a larger network [of computers],” Ahamad
said. These computers are often referred to as “zombie computers,” which are
taken over and used en masse with other computers for nefarious purposes.

In the early days of computers, typical security
threats did not have to be very advanced, as the idea of security protection
was minimal. However, today computer systems are more complex, and many people
have secure operating systems and use anti-virus and malware protection
software.

“The bad guys have become more sophisticated,”
Ahamad said. “They don’t try to blindly get you, but try to get to you where
you feel like it is a legitimate action.”

Herb Baines, OIT director of Information Security,
described some of the methods in which attackers utilize social networking to
conduct their schemes. “Things like ‘adspoits’ on these social net- works.
You’ll see a lot of various ads, individual ads, corporate ads, things like
that...that may have a malware hidden behind it.”

One of the characteristics of ads on social
networking sites that makes them potentially dangerous, besides having the
ability to be personalized based on the in- formation that users edit on their
profiles, is the fact that these ads link to external websites, outside the
confines of the social networking site. “All of these social networks will
allow you to click on external links [in ads],” Baines said. “In the case of Facebook,
they have done a lot to combat malware on their end, but it’s all those
external links that they have no way to police.”

One example of a recent exploit using social
networking to infect computers with malware occurred in August this year with
the Facebook “Court Jester attack,” in which over 18,000 profiles were targeted
within a 24 hour period with links posted in “wall” messages that led to the
download of malware.

OIT estimates that on a monthly basis, 10 of the
8,000 systems connected to ResNet/EastNet are affected by malware.

There are many things that users can do to protect
themselves from these risks. “Go to OIT’s website and download the free
software that is available to them,” Baines said. “Make sure your ma- chine is
up to date. Use good anti- virus software, use secure browsers, block cookies,
JavaScript and popups.”

“There is some protection on
OIT’s part,” Baines said. “However, it still comes down to the users’
awareness.”